Umbraco ≫ Umbraco Cms

Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users, may be able to elev...

Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly permissive attributeNameCheck configuration (/.+/...

Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper au...

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, ...

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation (as shown in the documenta...

Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file pa...

Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a...

Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 15.0.0 through 15.4.1 and 16.0.0 through 16.1.0, the content delivery API can be restricted from public access where an API key must be provided in a header to authorize the request. It's ...

Umbraco, a free and open source .NET content management system, has a vulnerability in versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1. Via a request to an anonymously authenticated endpoint it's possible to retrieve information about the c...

Umbraco is an ASP.NET content management system (CMS). Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it's possible to upload a file that doesn't adhere with the configured allowable file extensions via a manipulated API request....